Phishing Scam Targets Ledger Users, $600K in Tether Forfeited by US Authorities

Severity: Medium (Score: 57.6)

Sources: News.Bitcoin, Mexc.Co, Decrypt.Co, Kucoin

Summary

In a significant case of cryptocurrency fraud, the U.S. Attorney's Office for the District of Connecticut has forfeited over $600,000 in Tether (USDT) linked to a phishing scam that targeted a Ledger hardware wallet user. The victim, referred to as T.M., received a fraudulent letter in September 2025, falsely claiming to be from 'Ledger Security and Compliance,' which prompted them to perform a security review. Following the instructions led to the compromise of their recovery seed phrase and the theft of their funds. The FBI and state police utilized blockchain analytics to trace the stolen assets, which had been funneled through multiple wallets to obscure their origin. A civil forfeiture complaint was filed in January 2026, and on March 31, 2026, a court decree allowed the U.S. government to seize the funds. The recovered USDT will be returned to the victim through the Department of Justice. This incident highlights the ongoing threat of phishing attacks targeting cryptocurrency users, particularly those with hardware wallets. Key Points: • Over $600,000 in USDT was forfeited due to a phishing scam targeting a Ledger user. • The scam involved a fraudulent letter that compromised the victim's recovery seed phrase. • Blockchain analytics enabled law enforcement to trace and recover the stolen funds.

Key Entities

• Phishing (attack_type)
• Ledger (company)
• Trezor (company)
• United States (country)
• T1566.002 - Spearphishing Link (mitre_attack)
• T1566 - Phishing (mitre_attack)
• Ledger Hardware Wallet (platform)